Summary: 2025/04/30 03:03

First reported date: 2013/03/05
Inquiry period: 2025/03/31 03:03 ~ 2025/04/30 03:03 (1 month), 55 search results

The trend is 5% higher than in the previous period.
The Top 5 related keywords that rose compared to the previous period are
powershell, c&c, Update, Phishing, Advertising.
Malware types Xloader, ViperSoftX and Viper are newly identified.
Attackers Gamaredon and SideCopy are newly identified.
Attack technique RCE is newly identified.
Organizations and companies Binance, Italy, Palo Alto Networks and AhnLab are newly identified.
Other new keywords such as Threat, Exploit Kit, multistage, Copy-Paste and Military are also identified.

 * Recent news articles (Top 3):
    ㆍ 2025/04/29 Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting
    ㆍ 2025/04/29 Can We Stop Documenting Our Detections?
    ㆍ 2025/04/28 IR Trends Q1 2025: Phishing soars as identity-based attacks persist

Trend graph by period: (graph not reproduced in this text)

Related keyword cloud (Top 100)

Rank  Keyword  Count  Change vs. previous period
1  powershell  55  ▲ 3 (5%)
2  Malware  40  ▼ -5 (-13%)
3  Campaign  28  ▼ -3 (-11%)
4  Windows  25  ▼ -5 (-20%)
5  Microsoft  23  ▼ -4 (-17%)
6  c&c  23  ▲ 6 (26%)
7  Update  22  ▲ 2 (9%)
8  Phishing  21  ▲ 3 (14%)
9  Advertising  20  ▲ 5 (25%)
10  Report  18  ▼ -6 (-33%)
11  Victim  17  ▼ -6 (-35%)
12  IoC  17  ▼ -3 (-18%)
13  United States  16  - 0 (0%)
14  Exploit  16  ▼ -2 (-13%)
15  target  16  ▲ 2 (13%)
16  attack  14  ▼ -5 (-36%)
17  Software  14  ▲ 6 (43%)
18  Email  13  ▲ 3 (23%)
19  Russia  13  ▲ 3 (23%)
20  NetWireRC  12  ▼ -1 (-8%)
21  Stealer  12  ▼ -8 (-67%)
22  Kaspersky  12  ▲ 2 (17%)
23  Distribution  11  ▲ 1 (9%)
24  Vulnerability  10  ▼ -9 (-90%)
25  GitHub  10  ▼ -2 (-20%)
26  intelligence  10  ▲ 2 (20%)
27  GameoverP2P  9  - 0 (0%)
28  Ucraina  9  ▲ 7 (78%)
29  VBScript  9  ▼ -1 (-11%)
30  Operation  8  ▼ -2 (-25%)
31  Browser  8  ▼ -2 (-25%)
32  Ransomware  8  ▲ 1 (13%)
33  Education  7  ▲ 2 (29%)
34  Social Engineering  7  ▼ -3 (-43%)
35  RCE  7  ▲ new
36  WMI  7  ▲ 5 (71%)
37  Java  7  ▼ -1 (-14%)
38  Linux  7  ▲ 3 (43%)
39  Remcos  6  ▲ 1 (17%)
40  Government  6  ▲ 2 (33%)
41  MFA  6  ▼ -2 (-33%)
42  RAT  6  ▲ 1 (17%)
43  Backdoor  6  - 0 (0%)
44  Criminal  5  ▼ -8 (-160%)
45  LinkedIn  5  ▼ -4 (-80%)
46  Cobalt Strike  5  ▼ -1 (-20%)
47  RATel  5  ▲ 2 (40%)
48  Black Basta  5  ▲ 4 (80%)
49  EDR  5  ▼ -2 (-40%)
50  Downloader  5  ▲ 4 (80%)
51  Trojan  5  - 0 (0%)
52  Chrome  4  ▼ -1 (-25%)
53  Twitter  4  ▼ -6 (-150%)
54  ZeroDay  4  ▲ 1 (25%)
55  Cryptocurrency  4  ▼ -3 (-75%)
56  SMB  4  - 0 (0%)
57  VPN  4  ▲ 2 (50%)
58  Lumma  4  ▼ -5 (-125%)
59  Cisco  4  ▼ -1 (-25%)
60  South Korea  4  ▲ 2 (50%)
61  North Korea  4  - 0 (0%)
62  Telegram  4  ▼ -3 (-75%)
63  Android  4  ▲ 3 (75%)
64  China  4  ▼ -4 (-100%)
65  Vawtrak  4  ▲ 1 (25%)
66  hijack  4  ▲ 2 (50%)
67  Red Team  4  ▲ 3 (75%)
68  Taiwan  3  - 0 (0%)
69  AsyncRAT  3  ▼ -4 (-133%)
70  Binance  3  ▲ new
71  Detection  3  ▲ 2 (67%)
72  Germany  3  ▲ 2 (67%)
73  Threat  3  ▲ new
74  hacking  3  - 0 (0%)
75  Italy  3  ▲ new
76  ClickFix  3  - 0 (0%)
77  Australia  3  ▲ 1 (33%)
78  Xloader  3  ▲ new
79  fake  3  ▲ 2 (67%)
80  Remote Code Execution  3  ▼ -12 (-400%)
81  DYEPACK  3  ▲ 2 (67%)
82  Password  3  - 0 (0%)
83  Palo Alto Networks  3  ▲ new
84  Exploit Kit  2  ▲ new
85  multistage  2  ▲ new
86  IcedID  2  ▼ -2 (-100%)
87  Copy-Paste  2  ▲ new
88  Military  2  ▲ new
89  Anonymous  2  ▲ new
90  Google  2  ▼ -4 (-200%)
91  PoC  2  ▲ 1 (50%)
92  DarkWeb  2  ▼ -2 (-100%)
93  AhnLab  2  ▲ new
94  Gamaredon  2  ▲ new
95  ViperSoftX  2  ▲ new
96  Viper  2  ▲ new
97  Tick  2  ▲ 1 (50%)
98  Actor  2  ▲ new
99  MimiKatz  2  ▼ -5 (-250%)
100  SideCopy  2  ▲ new
Special keyword groups (Top 5)

Malware Type
Malware types currently drawing attention in the inquiry period.

Keyword  Count (%)
NetWireRC  12 (14%)
GameoverP2P  9 (10.5%)
Ransomware  8 (9.3%)
Remcos  6 (7%)
RAT  6 (7%)
Attacker & Actors
Attackers or attack groups currently drawing attention in the inquiry period.

Keyword  Count (%)
Gamaredon  2 (33.3%)
Tick  2 (33.3%)
SideCopy  2 (33.3%)
Attack Technique
Attack techniques currently drawing attention in the inquiry period.

Keyword  Count (%)
Campaign  28 (24.3%)
Phishing  21 (18.3%)
Exploit  16 (13.9%)
Stealer  12 (10.4%)
Social Engineering  7 (6.1%)
Country & Company
Countries or companies currently drawing attention in the inquiry period.

Keyword  Count (%)
Microsoft  23 (18.7%)
United States  16 (13%)
Russia  13 (10.6%)
Kaspersky  12 (9.8%)
Ucraina  9 (7.3%)
Threat info (last 5)

SNS (total: 17)

Total keywords:
powershell Malware target Attacker Kaspersky Russia NetWireRC Email Stealer ClickFix Ucraina Campaign Phishing Remcos Browser VBScript Rhadamanthys Government Microsoft Ransomware attack DCRat Gamaredon Binance SectopRAT Exploit ZeroDay RCE Advertising Xloader Palo Alto Networks North Korea Update Iran CVSS Germany Backdoor Cisco Downloader RAT Lumma hijack Ukraine ...

No.  Author  Date  Post
1  Threat Intelligence @threatintel  2025.04.22
   #ThreatProtection Interlock ransomware group uses ClickFix social engineering, fake CAPTCHAs & PowerShell to deploy malware payloads. Read more about Symantec's protection: https://t.co/JGooj4A0XI #CyberThreat #Ransomware
2  Cyber_OSINT @Cyber_O51NT  2025.04.18
   A recent multi-stage malware attack utilizes .JSE and PowerShell to deliver Agent Tesla, Remcos RAT, and XLoader, as noted by Palo Alto Networks' Saqib Khanzada, who highlights attackers' tactics to evade detection and ensure payload execution. https://t.co/i7vn5wZL9L
3  The Hacker News @TheHackersNews  2025.04.17
   Microsoft Alert: Node.js-Powered Malware Campaign Ongoing... Since Oct 2024, fake Binance & TradingView installers have been used to deploy malware via Node.js and PowerShell. Linked threats include ClickFix tricks, SectopRAT malware, fake PDF tools, and HR-themed phishing https://t.co/0J
4  Threat Insight @threatinsight  2025.04.17
   If the target recipient opens attachments and allows execution (PDF -> URL -> zipped LNK -> PowerShell -> Ransomware), we have seen ransom examples like the below. PowerShell downloads and runs an executable which encrypts files (file extension: .flocked). This has previously https://t.c
5  Threat Insight @threatinsight  2025.04.17
   UNK_RemoteRogue (Russia): In Dec 2024, a targeted campaign used compromised infrastructure to send emails to people linked to a defense industry manufacturer. The emails contained directions in Russian to copy malicious PowerShell code from the browser to their terminal. https://t.co/8c7S1wTplG

Additional information (sandbox behaviour signatures)

Level  Description
danger The process powershell.exe wrote an executable file to disk which it then attempted to execute
danger File has been identified by 32 AntiVirus engines on VirusTotal as malicious
watch A command shell or script process was created by an unexpected parent process
watch Communicates with host for which no DNS query was performed
watch Disables proxy possibly for traffic interception
watch Found URLs in memory pointing to an IP address rather than a domain (potentially indicative of Command & Control traffic)
watch One or more non-whitelisted processes were created
watch Resumed a suspended thread in a remote process potentially indicative of process injection
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice Creates a shortcut to an executable file
notice Creates a suspicious process
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice Potentially malicious URLs were found in the process memory dump
notice Yara rule detected in process memory
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Queries for the computername
info Uses Windows APIs to generate a cryptographic key
URLs (last 5)

No.  URL  Tags  CC  ASN/Org  Reporter  Date
1  https://paste.ee/d/foOP0g8Z/0  ascii powershell ps1  -  -  abuse_ch  2025.04.25
2  http://176.65.134.8/metacodings.txt  ascii AsyncRAT powershell ps1 rat  DE  Diogelo Ltd.  abuse_ch  2025.04.25
3  https://paste.ee/d/L8tHN98p/0  ascii powershell ps1 xworm  -  -  abuse_ch  2025.04.25
4  https://www.wilkinsonbeane.com/css/slider/asclepiadaceaebOet.php  ascii opendir powershell ps1  US  UNIFIEDLAYER-AS-1  abuse_ch  2025.04.25
5  https://www.wilkinsonbeane.com/css/slider/sciurineslwWf.php  ascii opendir powershell ps1  US  UNIFIEDLAYER-AS-1  abuse_ch  2025.04.25